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Question: 1 


Which of the following tasks is the first task to perform when implementing Oracle Database Vault? 


A. Create command rules 

B. Create command rule sets 
C. Create protection realms 
D. Define master keys 


Answer: C 


Explanation: 

From Vault Administrator Guide What Are Realms? 

After you create a realm, you can register a set of schema objects or roles (secured objects) for realm 
protection and authorize a set of users or roles to access the secured objects. 


Question: 2 


Why would you use an auto-open wallet Instead of a standard encryption wallet? 


A. To save on storage space 

B. To increase the level of security on your encrypted data 

C. To avoid manual Intervention to allow access to encrypted data after an automatic system restart 
D. You must use an auto-open wallet with table space-based Transparent Data Encryption (TDE) 


Answer: C 


Explanation: 

Beacose wallet is closed after restart and it has to be opened again for using TDE. You must enable 
auto login if you want single sign-on access to multiple Oracle databases: such access is normally 
disabled, by default. Sometimes the obfuscated autologin wallets are called "SSO wallets" because 
they support single sign-on capability. 


Question: 3 


Which two of the following features or options give you the ability to set fine-grained access control? 


A. Advanced Security Option 
B. Oracle Database Vault 

C. Oracle Audit Vault 

D. Virtual Private Database 
E. Oracle Label Security 


Answer: A,E 


Explanation: 
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Label Security is used to implement security based on data values in individual rows 


Question: 4 


When will the changes in Database Vault access permissions take effect? 


A. Immediately 

B. The next time the database server is stopped and started 
C. After the next database backup 

D. After an ALTER SYSTEM DBV is issued 


Answer: A 


Explanation: 
Changes to Database Vault permissions take effect immediately. 


Question: 5 


Your customer wants to add an additional level of security to their data, based on values in individual 
records. 

They can specify a group of records for access control with a simple WHERE clause. Which security 
feature or option will give them this capability for the lowest cost? 


A. Advanced Security Option 
B. Oracle Database Vault 

C. Oracle Audit Vault 

D. Oracle Data Masking Pack 
E. Virtual Private Database 
F. Oracle Label Security 


Answer: E 


Explanation: 

Oracle Virtual Private Database (VPD). This feature restricts data access by creating a policy that 
enforces a WHERE clause for all SQL statements that query the database. You create and manage the 
VPD policy at thedatabase table or view level, which means that you do not modify the applications 
that access the database. 


Question: 6 


Which of the following tasks is the first task to perform when implementing Oracle Database Vault? 


A. Create command rules 

B. Create command rule sets 
C. Create protection realms 
D. Define master keys 
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Answer: C 


Explanation: 
After you create a realm, you can register a set of schema objects or roles (secured objects) for realm 
protection and authorize a set of users or roles to access the secured objects. 


Question: 7 


Which of the following Is NOT a responsibility defined within Oracle Database Vault? 


A. Account Management 
B. Database Administration 
C. Security Administration 
D. RAC Administration 


Answer: B 


Explanation: 
You can add\delete and configure Vault on RAC nodes. Can manage accounts and security. 


Question: 8 


What data masking technique ensures that a customer number gets masked to the same value 
across all databases? 


A. Condition-based masking 
B. Compound masking 

C. Deterministic masking 

D. Relationship masking 


Answer: D 


Explanation: 
According to labels 


Question: 9 


When implementing Transparent Data Encryption (TDE), which of the following answers describes 
the correct order of the listed operations? 


A. Create a wallet, create a master key, and create tables that contain encrypted columns. 

B. Create tables that contain encrypted columns, create a wallet, create a master key, and open the 
wallet. 

C. Create a wallet, open the wallet, create a master key, and create tables that contain encrypted 
columns. 

D. Create a master key, create a wallet, open the wallet, and create tables that contain encrypted 
columns. 
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Answer: A 


Explanation: 

Step 2: Create the Wallet To create the wallet, use the ALTER SYSTEM SQL statement. By default, the 
Oracle wallet stores a history ofretired master keys, which enables you to change them and still be 
able to decrypt data that was encryptedunder an old master key ALTER SYSTEM SET ENCRYPTION KEY 
IDENTIFIED BY "password"; This statement generates the wallet with a new encryption key and sets it 
as the current transparent data encryption master key. 

Immediately after you create the wallet key, the wallet is open, and you are ready to start encrypting 
data. 


Question: 10 


When is Transparent Data Encryption invoked? 


A. When triggered by an administrator 

B. During all I/O operations 

C. Automatically in batches 

D. Only when the data is initially loaded into the database 


Answer: B 


Explanation: 

How Transparent Data Encryption Works 

Afterward, when a user enters data into an encrypted column, Oracle Database performs the 
following steps: 

1.Retrieves the master key from the wallet. 

2.Decrypts the encryption key of the table from the data dictionary. 

3.Uses the encryption key to encrypt the data the user entered into the encrypted column. 

4.Stores the data in encrypted format in the database. 
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